[ASA-201712-10] tor: multiple issues
Arch Linux Security Advisory ASA-201712-10
==========================================

Severity: High
Date    : 2017-12-16
CVE-ID  : CVE-2017-8819 CVE-2017-8820 CVE-2017-8822 CVE-2017-8823
Package : tor
Type    : multiple issues
Remote  : Yes
Link    :

Summary
=======

The package tor before version is vulnerable to multiple issues
including arbitrary code execution, information disclosure and denial
of service.

Resolution
==========

Upgrade to

# pacman -Syu "tor>="

The problems have been fixed upstream in version

Workaround
==========

None.

Description
===========

- CVE-2017-8819 (information disclosure)

An issue has been found in the way Tor before checked for replays,
leading to a possible traffic confirmation attack.

- CVE-2017-8820 (denial of service)

A denial of service issue where an attacker could crash a directory
authority using a malformed router descriptor has been found in Tor
before

- CVE-2017-8822 (information disclosure)

In Tor before, relays (that have incompletely downloaded descriptors)
can pick themselves in a circuit path, leading to a degradation of
anonymity, aka TROVE-2017-012.

- CVE-2017-8823 (arbitrary code execution)

A use-after-free vulnerability has been found in Tor before, leading
to a crash of v2 Tor onion services when they failed to open circuits
while expiring introduction points.

Impact
======

A remote attacker might be able to reduce the anonymity of Tor users,
cause a denial of service or execute arbitrary code on the affected
host.

References
==========